On Wed, 29 Oct 2008, Sven Garly wrote:
[color=blue]
> What I don't seem to be able to do is verify 3 with 2: openssl verify
> -CAfile 2 3
>
> I get:
> 3: /C=GB/ST=Berkshire/L=Newbury/O=My Company Ltd/OU=2
> error 2 at 1 depth lookup:unable to get issuer certificate
>
> What am I doing wrong? Should I be able to verify a chain of certificates
> one at a time (i.e.verify 2 against 1 then later 3 against 2)?[/color]

Read the error message? OpenSSL doesn't know where to get 1's certificate
(the issuer of 2's certificate). It can't pull it out of thin air. Try
appending the contents of file 1 to file 2. (adding 1's certificate to 2's
bundle).